|
Eudora attachment spoofing
|
|
Secunia Advisory:
|
SA7529
|
|
|
Release Date:
|
2002-11-15
|
|
Last Update:
|
2003-05-27
|
|
Popularity:
|
9,414 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Eudora 5.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Qualcomm was contacted in August regarding a bug which allowed maliciously crafted attachment names to be executed without warning.
This can be abused to make the recipient believe that he/she has received a legitimate attachment, when in fact the attachment is an executable file which will be executed without warning when clicked upon.
Alternate ways have been identified allowing attachment spoofing in a way that looks more legitimate. This could be exploited to show a default windows icon instead when infact an executable will be activated, another way allows complete manipulation of the filename, but will show a broken icon. Another method could also be used to execute JavaScript.
See "Other References" for details.
This vulnerability has been reported to exist in version 5.2.1 as well.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
